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AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions and listings of claims in the 
application: 

1-20 (Cancelled). 

21 . (Currently amended) A method for providing access to an online service, the method 
comprising: 

receiving, at a first electronic appliance, a first digital certificate from a second electronic 
appliance associated with a user, the first digital certificate attesting to at least one attribute of 
the user; 

determining, by the first electronic appliance, based at least in part on the first digital 
certificate, whether the user is authorized to access the online service; 

issuing, by the first electronic appliance, based on the determination of whether the user 
is authorized to access the online service, a second digital certificate to the user, the second 
digital certificate attesting to the user's permission to access the online service; 

sending, from the first electronic appliance to the second appliance, the second digital 
certificate; and 

collecting, by the first electronic appliance, audit record information relating to the user's 
use of the online service. 

22. (Previously presented) A method as in claim 21 , further comprising: 

receiving, at the second electronic appliance, a request from the user to access the 
online service; 

checking, by the second electronic appliance, the second digital certificate to determine 
whether the user has permission to access the online service; and 

allowing, by the second electronic appliance, the user to access the online service based 
on the determination of whether the user has permission to access the online service. 
-2- 



PATENT 

Attorney Docket No.: 07451 .0005-04000 
Intertrust Ref. No.: IT-7.2.1 (US) 

23. (Previously presented) A method as in claim 22, in which said checking step is 
performed in a protected processing environment at the second electronic appliance. 

24. (Previously presented) A method as in claim 21 , further comprising: 

sending, from the first electronic appliance to the second electronic appliance, software 
for using the online service to the second electronic appliance; and 

sending, from the first electronic appliance to the second electronic appliance, a digital 
signature for determining the integrity of the software to the user. 

25. (Previously presented) A method as in claim 24, in which the digital signature is bound, 
at least in part, to the identity of the online service. 

26. (Previously presented) A method as in claim 21 , further comprising: 

sending, from the first electronic appliance to the second electronic appliance, a third 
digital certificate, the third digital certificate attesting to the identity of the online service, the third 
digital certificate being issued by a certifying authority. 

27. (Previously presented) A method as in claim 26, in which the first digital certificate is 
issued by the certifying authority. 

28. (Previously presented) A method as in claim 21 , in which the first digital certificate 
includes an indication of the user's age. 

29. (Previously presented) A method as in claim 21 , in which the first digital certificate 
identifies a party responsible for paying for the user's access to online services. 
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30. (Previously presented) A method as in claim 29, further comprising: 

sending, by the first electronic appliance, a request for payment to the party responsible 
for paying for the user's access to online services; and 

receiving, at the first electronic appliance, an indication that payment has been received. 

31 . (Previously presented) A method as in claim 30, in which the steps of (a) sending a 
request for payment and (b) receiving an indication that payment has been received are 
performed prior to performing the step of sending the second digital certificate to the user. 

32. (Previously presented) A method as in claim 21 , in which the second digital certificate 
attests to the user's permission to access the online service until a specified date. 

33. (Previously presented) A method as in claim 21, in which the at least one attribute 
comprises an indication of the amount of purchases the user is allowed to make in a given time 
period. 

34. (Previously presented) A method as in claim 21 , in which the online service comprises 
an interactive online game. 

35. (Previously presented) A method as in claim 34, further comprising: 

sending, from the first electronic appliance to the second electronic appliance software 
for playing the online game to the user in a secure container. 

36. (Previously presented) A method as in claim 21 , in which the online service comprises a 
subscription. 



PATENT 

Attorney Docket No.: 07451.0005-04000 
Intertrust Ref. No.: IT-7.2.1 (US) 

37. (Previously presented) A method as in claim 36, in which the second digital certificate 
includes an expiration date of the subscription. 

38. (Previously presented) A method as in claim 21 , further comprising: 
collecting, by the first electronic appliance, payment information from the user. 

39. (Previously presented) A method as in claim 38, further comprising: 
sending, by the first electronic appliance, the payment information to a financial 

clearinghouse. 

40. (Cancelled) 

41 . (Currently amended) A method as in claim 21 , further comprising: 

sending, by the first electronic appliance, the audit record information relat i ng to th e 
us e r's us e of th e on l in e servic e to a usage clearinghouse. 

42. (Withdrawn) A method for accessing an online service, the method comprising: 
sending a first request to access an online service from a user's site to an online service 

provider's website, the first request including a first digital certificate attesting to at least one 
attribute of the user; 

receiving a request for payment information; 

sending the payment information to the online service provider's website, or a website 
associated therewith; and 

receiving a second digital certificate, the second digital certificate indicating that the user 
is authorized to access the online service; 

-5- 



PATENT 

Attorney Docket No.: 07451.0005-04000 
Intertrust Ref. No.: IT-7.2.1 (US) 

accessing the online service. 

43. (Withdrawn) A method as in claim 42, further comprising: 
sending a second request to access the online service; 

checking the second digital certificate to determine whether the user has permission to 
access the online service; and 

allowing the user to access the online service if it is determined that the user has 
permission to access the online service. 

44. . (Withdrawn) A method as in claim 43, in which said checking step is performed in a 
protected processing environment at the user's computer system. 

45. (Withdrawn) A method as in claim 42, further comprising: 
receiving software for using the online service; 

receiving a digital signature for determining the integrity of the software. 

46. (Withdrawn) A method as in claim 45, in which the digital signature is bound, at least in 
part, to the identity of the online service. 

47. (Withdrawn) A method as in claim 42, further comprising: 

receiving a third digital certificate, the third digital certificate attesting to the identify of the 
online service, the third digital certificate being issued by a certifying authority. 

48. (Withdrawn) A method as in claim 47, in which the first digital certificate is issued by the 
certifying authority. 
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49. (Withdrawn) A method as in claim 42, in which the first digital certificate includes an 
indication of the user's age. 

50. (Withdrawn) A method as in claim 42, in which the first digital certificate identifies a party 
responsible for paying for the user's access to online services. 

51 . (Withdrawn) A method as in claim 42, in which the second digital certificate attests to the 
user's permission to access the online service until a specified date. 

52. (Withdrawn) A method as in claim 42, in which the at least one attribute comprises an 
indication of the amount of purchases the user is allowed to make in a given time period. 

53. (Withdrawn) A method as in claim 42, in which the online service comprises an 
interactive online game. 

54. (Withdrawn) A method as in claim 53, further comprising: 

receiving a secure container from the online service provider's website, the secure 
container containing software for playing the online game. 

55. (Withdrawn) A method as in claim 42, in which the online service comprises a 
subscription. 

56. (Withdrawn) A method as in claim 55, in which the second digital certificate includes an 
expiration date of the subscription. 

57. (Withdrawn) A method as in claim 42, further comprising: 
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sending information relating to the user's use of the online service to a remote site. 

58. (Withdrawn) A method as in claim 57, in which the remote site comprises a usage 
clearinghouse. 

59. (Withdrawn) A method as in claim 57, in which the remote site comprises the online 
service provider's website. 

60. (Canceled) 

61. (Canceled) 

62. (Withdrawn) A computer program product stored on a computer-readable medium, the 
computer program product including instructions that, when executed by a computer system, 
cause the computer system to perform acts comprising: 

sending a first request to access an online service to an online service provider's 
website, the first request including a first digital certificate attesting to at least one attribute of a 
user; 

receiving a request for payment information; 
sending the payment information to the online service provider's website, or a website 
associated therewith; 

receiving a second digital certificate, the second digital certificate indicating that the user 
is authorized to access the online service; and 
accessing the online service. 
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63. (Withdrawn) A computer program product as in claim 62, the computer program product 
further including instructions that, when executed by a computer system, cause the computer 
system to perform acts comprising: 

sending a second request to access the online service; 

checking the second digital certificate to determine whether the user has permission to 
access the online service; and 

allowing the user to access the online service if it is determined that the user has 
permission to access the online service. 



